Microsoft Ignite The Tour


Learn. Explore. Connect. 
Risk Reduction for your Endpoints Using Microsoft Threat Protection


The cybersecurity landscape is rapidly changing 


Cyberspace is the new battlefield
Security skills are in short supply


Virtually anything can be attacked
The challenge of securing your environment
Bad actors are using increasingly creative and sophisticated attacks.
The digital estate offers a very broad surface area that is difficult to secure.
Integrated, intelligent correlation and action on signals is difficult, time-consuming, and expensive.


Microsoft Intelligent Security Graph
Unique insights, informed by trillions of signals
Shared threat data from partners, researchers, and law enforcement worldwide
Botnet data from Microsoft Digital Crimes Unit
200+ global cloud consumer and commercial services
Signal sources shown: Outlook, OneDrive, Xbox Live, Bing, Windows, Azure user accounts
400B emails analyzed
1.2B devices scanned each month
Threats detected on devices every month
18B+ Bing web pages scanned
450B monthly authentications
Enterprise security for 90% of Fortune 500

Microsoft Threat Protection
Identities: users and admins
Endpoints: devices and sensors
User Data: email messages and documents
Cloud Apps: SaaS applications and data stores
Infrastructure: servers, virtual machines, databases, networks


Intelligent Security Graph 
6.5 TRILLION signals per day 


Microsoft Threat Protection 


Identities: Validating, verifying 
and protecting both user and 
admin accounts 


Endpoints: protecting user 
devices and signals from sensors 


User Data: evaluating email 
messages and documents for 
malicious content 


Cloud Apps: protecting SaaS 
applications and their associated 
data stores 


Infrastructure: protecting 
servers, virtual machines, 
databases and networks across 
cloud and on-premises locations 


Microsoft Threat Protection solves your challenge
Identities | Endpoints | User Data | Cloud Apps | Infrastructure
Products shown: Azure Active Directory, Azure Advanced Threat Protection, Microsoft Cloud App Security, Microsoft Intune, Windows 10, Windows Defender Advanced Threat Protection, Windows Server, Linux, Exchange Online Protection, Mail Encryption
Optimal security, minimal complexity
The Next Generation of Threat & Vulnerability Management
Microsoft Defender Advanced Threat Protection
Built-in. Cloud-powered.
THREAT & VULNERABILITY MANAGEMENT | ATTACK SURFACE REDUCTION | NEXT GENERATION PROTECTION | ENDPOINT DETECTION & RESPONSE | AUTO INVESTIGATION & REMEDIATION | MICROSOFT THREAT EXPERTS
CENTRALIZED CONFIGURATION AND ADMINISTRATION, APIS


Question 


You have discovered 99 vulnerabilities in your 
environment - which should be prioritized first? 


A. Affects the most hosts 


B. Highest media attention 


C. Most critical severity 


Vulnerability Management (VM): 


The process in which vulnerabilities in IT are discovered and the risks of these vulnerabilities are evaluated


Brief History 


Timeline: 1990, 2000, 2010, Today
SATAN: 1st network vulnerability scanner
Commercial VM: network fingerprinting and banner grabbing
Authenticated scanning: enabled endpoint visibility & deep software analysis (e.g. ActiveX)
Application aware: identifying application security vulnerabilities
Plugin ecosystem: extending functionality via modules (e.g. web fuzzing)
Technology coverage: supporting container, cloud, virtualization, IoT, mobile, SCADA...
Agent-based: continuous data collection


Key customers' pain points
Discover: periodic scanning; blind spots; no run-time context; siloed reports
Prioritize: based on severity; no threat view; missing org info
Compensate: waiting for a patch; no IT/Security bridge; manual process; no validation


Bottom line: Organizations remain highly vulnerable, despite high maintenance costs 


Risk based approach to vulnerability management
Continuous Discovery -> Threat & Business Prioritization -> Automated Compensation


Continuous Discovery


Extensive vulnerability assessment across the entire stack 


Easiest to exploit 


Hardest to discover 


Application extension vulnerabilities
Application-specific vulnerabilities that relate to a component within the application.
For example: Grammarly Chrome Extension (CVE-2018-6654)

Application run-time library vulnerabilities
Reside in a run-time library that is loaded by an application (dependency).
For example: Electron JS framework vulnerability (CVE-2018-1000136)

Application vulnerabilities (1st and 3rd party)
Discovered and exploited on a daily basis.
For example: 7-zip code execution (CVE-2018-10115)

OS kernel vulnerabilities
Becoming more and more popular in recent years due to OS exploit mitigation controls.
For example: Win32 elevation of privilege (CVE-2018-8233)

Hardware vulnerabilities (firmware)
Extremely hard to exploit, but can affect the root of trust of the system.
For example: Spectre/Meltdown vulnerabilities (CVE-2017-5715)


e © Continuous Discovery 


Broad secure configuration assessment (secure score +)
Operating system misconfiguration: OS baseline; security stack configuration analysis
Application misconfiguration: client/server/web application; SSL/TLS certificate assessment
File share analysis: least-privilege principle
Account misconfiguration: password policy; permission analysis
Network misconfiguration: open ports analysis; network services analysis


WDATP TVM 
Continuous Discovery Demo 


Calculation of Associated Risk
Vulnerability
Chart: Number of vulnerabilities exploited (past decade)
Source: IBM X-Force / Analysis: Gartner Research


Risk evolves over time
Vulnerabilities evolve over time as the threat grows
Example: WannaCry ransomware campaign
MS17-010 released: March 14, 2017
EternalBlue exploit: April 2017
Metasploit module: May 2017
WannaCry attack: May 12, 2017
Risk growth along the timeline


Threat & Business Prioritization
Helping customers focus on the right things at the right time

Threat Landscape
Vulnerability characteristics (CVSS score, days vulnerable)
Exploit characteristics (public exploit & difficulty, bundle)
EDR security alerts (active alerts, breach history)
Threat analytics (live campaigns, threat actors)

Breach Likelihood
Current security posture
Internet facing
Exploit attempts in the org

Business Value
HVA analysis (WIP, HVU, critical process)
Run-time & dependency analysis

WDATP TVM 
Risk-Driven Prioritization 
Demo 


5 stages of mitigation grief
Denial: "These results are all false positives"
Anger: "This whole assessment effort is a waste of time"
Bargaining: "What's the real risk? We have a compensating control..."
Depression: "I keep patching, but new vulnerabilities are killing me"
Acceptance: "It's going to be OK. I can't fight it"


Risk treatment
Remediation | Mitigation | Accept


Automated Compensation


Bridging between the IT and Security admins 


Game changing IT/Security bridge scenarios
1-click remediation requests via Intune/SCCM
Automated task monitoring via run-time analysis
Tracking mean-time-to-mitigate KPIs
Rich exception experience to mitigate/accept risk
Ticket management integration (Intune, Planner, ServiceNow, JIRA)


WDATP TVM 
Risk Compensation 
Demo 


WDATP TVM 
Putting it all together 


Question 


You have discovered 99 vulnerabilities in your 
environment - which should be prioritized first? 


A. Affects the most hosts B. Highest media attention 


Microsoft Threat Protection
Identities: users and admins
Endpoints: devices and sensors
User Data: email messages and documents
Cloud Apps: SaaS applications and data stores
Infrastructure: servers, virtual machines, databases, networks
Optimal security with minimal complexity